My Experience with CTX138640, vCenter 5.1, XenDesktop 7.1 and the Dreaded “Cannot connect to the vCenter server due to a certificate error”

January 22, 2014

VMware, XenDesktop

I have built a lab on my new Dell M4800 laptop using VMware Workstation 10, ESXi 5.1, vCenter 5.1, XenDesktop 7.1, StoreFront 2.1, PVS 7.1 and XenApp 6.5.  When creating my Host and Resources connection in Citrix Studio, I ran into the same error that numerous others have run into, the dreaded “Cannot connect to the vCenter server due to a certificate error”.  I am sure I am like most people and quickly found CTX138640 and tried to work through it.  Maybe others were able to follow the article but I found it sorely lacking in details.  Not being a VMware or Unix person, I had to keep working at it until I got Studio to actually work with an HTTP connection.  This quick article shows what I did to get XenDesktop 7.1 Studio working with an HTTP connection to vCenter 5.1.

Step 1: Install PuTTY

I downloaded PuTTY version 0.63 from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html and placed the EXE on my WIndows 7 desktop.

Step 2: Connnect to vCenter

I used PuTTY and connected to the IP address of my vCenter.

PuTTY Connection to vCenter

PuTTY Connection to vCenter

Step 3: Login to vCenter

Once connected to vCenter, login using the proper credentials.

Login to vCenter

Login to vCenter

Step 4:  Change to the proper directory.

Type in cd /etc/vmware-vpx (Note: this is case sensitive)

cd /etc/vmware-vpx

cd /etc/vmware-vpx

Step 5.  Edit proxy.xml using vi

Type in vi proxy.xml (Note: this is case sensitive)

I expanded my PuTTY window to full screen to capture the entire file.

I had to change ALL instances of httpsWithRedirect to httpAndHttps.

httpAndHttps

httpAndHttps

Step 6: Save changes in vi.

Press Esc and then type in :wq (that is press the Escape key, then a colon followed by the lower case letters w [write changes] and q [quit vi])

Note: I found this information here.

Saving file and quitting vi

Saving file and quitting vi

This returns you to the vCenter shell prompt.

Back to the vCenter shell prompt

Back to the vCenter shell prompt

To properly exit the PuTTY session, type exit,press Enter and the PuTTY session closes.

Note: I found this information here.

Exit from PuTTY session

Exit from PuTTY session

Step 7: Restart vCenter

To restart vCenter, I connected to my vCenter appliance using Internet Explorer, logged in and clicked on the System tab.

Connect to vCenter Appliance via Browser

Connect to vCenter Appliance via Browser

Click the Reboot button.

Reboot the vCenter Appliance

Reboot the vCenter Appliance

On my laptop, it takes about 15 minutes for the vCenter appliance to reboot and allow me to reconnect.  Once the vCenter appliance has rebooted and you are logged in, continue with the next step.

Step 8: Create the Host and Resources connection in Citrix Studio.

Start Citrix Studio and click on the Hosting node.

Citrix Studio Hosting Node

Citrix Studio Hosting Node

Click on Add Connection and Resources in the right pane.

Add Connection and Resources

Add Connection and Resources

Select VMware vSphere for the Host type.

Enter the Address for your vCenter server or appliance as http://<FQDN>/sdk

Enter the login credentials

Enter a Connection name.

Since my lab is for testing PVS 7.1, I selected Other tools.

Click Next.

Create Connection

Create Connection

Click Finish to create the connection.

Connection Created

Connection Created

Click Add Connection and Resources again the right pane.

Add Connection and Resources

Add Connection and Resources

Select Use an existing connection and click Next.

Add Resources

Add Resources

Click Browse to select the VMware cluster.

Browse for Cluster

Browse for Cluster

Select the cluster and click OK.

Select Cluster

Select Cluster

Select the Network and click Next.

Select Network

Select Network

Select your storage options and click Next.

Select Storage Options

Select Storage Options

Enter a name for your Resources and click Finish.

Note: Even though the Summary shows Create Virtual Machines with Machine Creation Services, that is completely wrong and can be ignored if you are using PVS like I am.

Finish Resource Creation

Finish Resource Creation

You have now successfully connected to vCenter using HTTP and created a host connection and created resources for the host connection.

Host Connection in Studio

Host Connection in Studio

Resource Connection in Studio

Resource Connection in Studio

I would not do this for a production deployment but for a lab, using HTTP to connect to vCenter is perfectly acceptable.   When I searched on how to change the vCenter default SSL certificates, I came across a PDF from VMware that showed there were up to 11 different SSL certificates that would have to be changed.  I said screw that and worked through this process for getting Studio to connect to vCenter using HTTP instead.  I hope you find this information useful.

Thanks

Webster

, , ,

About Carl Webster

Webster is a Sr. Solutions Architect for Choice Solutions, LLC and specializes in Citrix, Active Directory and Technical Documentation. Webster has been working with Citrix products for many years starting with Multi-User OS/2 in 1990.

View all posts by Carl Webster

7 Responses to “My Experience with CTX138640, vCenter 5.1, XenDesktop 7.1 and the Dreaded “Cannot connect to the vCenter server due to a certificate error””

  1. Christian Dalum Says:

    Very easy log-on each DDC server and import certificate from VCenter server, add certificate to “trusted People” and check you also can access url to the vcenter server with slash /sdk without any problems. (do the same task on other DDC servers in farm)
    Then is possible to add connection in studio -:)

    Reply

  2. Narayanan TH Says:

    Importing of certificate in DDC works, only when
    1. You import the certificate in each of the DDC
    2. Provide exactly the same (FQDN or NetBIOS name) as in the certificate.
    3. Restart Broker Service

    It worked for me.

    Reply

  3. Barry Schiffer Says:

    Hi Carl,

    This really is a pain in the …..

    Thanks for helping out on how to enable http access. In a production situation you could also import the vCenter certificate on your Delivery Controllers. Just browse to the vCenter website from IE and Install Certificate. IE has to be in Admin mode and you should select physical stores et cetera. This will work as well as long as you use the proper FQDN for the host connection. Might need some hosts file adjustments. It ain’t nice but it works like a charm.

    Reply

    • Carl Webster Says:

      I followed every article I could find on getting the vCenter certs installed and nothing worked. Even Jarian’s help couldn’t get the cert route working. I gave up and went the HTTP route.

      Webster

      Reply

      • Barry Schiffer Says:

        It’s working in my production environment. It was a struggle however:).

        If you want me to remotely assist you know how to reach me on my iPhone:-)!

      • Carl Webster Says:

        It is working for what I need it to do at this time. If I need it changed to work with the certs, I will be reaching out to you.

        Webster

Leave a Reply